<?php

	/*
	* file: edit.php
	*
	* contents:	edit page. Allows the user to edit a document's attributes
	*
	* author: Zanco Federico
	*/



	/*
	* function makeDocEditQuery()
	*
	* Input required:	none
	*
	* Output:	return a query to update an existing document in the database
	*
	* Author: Federico Zanco
	*/

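	function makeDocEditQuery() {
		/*
		* Builds the UPDATE statement for the document identified by the
		* doc_num / from / to values of the current GET request.
		*
		* Reads $_GET and $_SESSION['department']; the global connection $con
		* is used only to escape values. Returns the SQL string, it does not
		* run it.
		*
		* Every request value goes through mysql_real_escape_string() before
		* it is placed between the double quotes of the statement, so a quote
		* or backslash inside a field cannot end the literal early.
		*
		* NOTE(review): the calling script strips slashes from from, to and
		* description only. If magic_quotes_gpc is enabled on this server the
		* other fields arrive already slashed and would now be stored with the
		* extra backslashes - confirm the setting.
		*
		* NOTE(review): the WHERE clause keys on doc_num/from/to only; nothing
		* here limits the update to documents of the user's own department.
		* Confirm that this is enforced elsewhere.
		*/
		global $con;

		//read each field once; a missing or non-string field counts as empty
		$fields = array('doc_num', 'from', 'to', 'created_by', 'expires', 'type', 'department', 'description');
		$in = array();
		foreach ($fields as $name)
			$in[$name] = (isset($_GET[$name]) && is_string($_GET[$name])) ? $_GET[$name] : "";

		$sessionDepartment = isset($_SESSION['department']) ? (string) $_SESSION['department'] : "";

		//column assignments, joined with commas at the end
		$set = array();

		//created_by: only changed when a value was sent
		if ($in['created_by'] != "")
			$set[] = "d.created_by=\"" . mysql_real_escape_string($in['created_by'], $con) . "\"";

		//expires: only changed when a real date was sent
		if ($in['expires'] != "" && $in['expires'] != "N/A")
			$set[] = "d.expires=\"" . mysql_real_escape_string(normal2MysqlDate($in['expires']), $con) . "\"";

		//type
		$set[] = "d.type=\"" . mysql_real_escape_string($in['type'], $con) . "\"";

		//department: only a user of Amministrazione may choose it, everyone
		//else keeps the department of the session. This has to be a
		//comparison: an assignment here would be true for every user and
		//would also overwrite the department stored in the session.
		if ($in['department'] != "" && $sessionDepartment === 'Amministrazione')
			$set[] = "d.department=\"" . mysql_real_escape_string($in['department'], $con) . "\"";
		else
			$set[] = "d.department=\"" . mysql_real_escape_string($sessionDepartment, $con) . "\"";

		//description
		$set[] = "d.description=\"" . mysql_real_escape_string($in['description'], $con) . "\"";

		$query = "UPDATE documents AS d SET " . implode(",", $set)
			. " WHERE d.doc_num=\"" . mysql_real_escape_string($in['doc_num'], $con) . "\""
			. " AND d.from=\"" . mysql_real_escape_string($in['from'], $con) . "\""
			. " AND d.to=\"" . mysql_real_escape_string($in['to'], $con) . "\"";

		return $query;
	}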



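	//main
	//
	//Page flow: read the document key (doc_num, from, to) from the query
	//string, apply the edit when the Modifica button was pressed and the
	//fields pass checkErrorsMod(), then reload the document and show the form.
	//
	//NOTE(review): the update is triggered by a plain GET request, so any link
	//or embedded resource an authenticated user loads can trigger it. Consider
	//moving the edit to POST with a per-session token.

	include("init.php");
	
	/* Parameters for the pages */ 
	  
	//Header
	$pageTitle = "Modifica un documento";
	$pageDescription = "Pagina di modifica di un documento";
	
	//Content
	$title = "Modifica un documento";
	$errorsText = "";
	
	$text = "";

	//strip extra backslashes from the key fields and from the description.
	//Only fields that were actually sent are touched: assigning the result for
	//a missing field would create it as an empty string and make the
	//"complete key" check below pass without from/to.
	foreach (array('from', 'to', 'description') as $field) {
		if (isset($_GET[$field]) && is_string($_GET[$field]))
			$_GET[$field] = stripslashes($_GET[$field]);
	}

	//a complete key means all three parts were sent as plain strings
	$hasKey = isset($_GET['doc_num']) && is_string($_GET['doc_num'])
		&& isset($_GET['from']) && is_string($_GET['from'])
		&& isset($_GET['to']) && is_string($_GET['to']);

	//if a complete key was posted...
	if ($hasKey) {

		// if Modifica button has been pressed 
		if (isset($_GET['Modifica']) && $_GET['Modifica'] != "") {

			//next lines copy the GET input to POST because errors checking works with POST
			if (isset($_GET['expires']))
				$_POST['expires'] = $_GET['expires'];

			if (isset($_GET['created_by']))
				$_POST['created_by'] = $_GET['created_by'];

			if (isset($_GET['type']))
				$_POST['type'] = $_GET['type'];
			
			//if user belongs to Amministrazione add a POST value for department. It will be used by UI and for errors checking
			if ($_SESSION['department'] == "Amministrazione" && isset($_GET['department']))
				$_POST['department'] = $_GET['department'];
			else
				$_POST['department'] = $_SESSION['department'];

			//check for errors
			$errorsText = errors2Text(checkErrorsMod());

			//if no errors found
			if ($errorsText == "") {

				//make the update query and notify the happy end
				//NOTE(review): the result of the update is not inspected before the
				//success message is set - confirm that query() reports failures itself
				$res = query(makeDocEditQuery(), $con);
				$errorsText = "Dati documento modificati con successo!<br />
								<a href=\"javascript:history.go(-2)\">Torna ai risultati della ricerca</a>";
			}
		}
	
		//reget entry values. The key comes straight from the query string, so
		//each part is escaped for the connection before it is quoted
		$query = "SELECT * FROM documents as d WHERE ";
		$query = $query . "d.doc_num=\"" . mysql_real_escape_string($_GET['doc_num'], $con) . "\""
			. " AND d.to=\"" . mysql_real_escape_string($_GET['to'], $con) . "\""
			. " AND d.from=\"" . mysql_real_escape_string($_GET['from'], $con) . "\"";
		
		$res = query($query, $con);
		
		//NOTE(review): mysql_affected_rows() is documented for INSERT/UPDATE/DELETE;
		//for a SELECT the row count normally comes from mysql_num_rows($res).
		//Left as is because the return value of query() is not visible here.
		if (mysql_affected_rows($con) == 1) {
			$text = showFormDocEdit($res);
		} else {
			$errorsText = "Il documento richiesto non esiste!";
		}
	} else
		$errorsText = "Il documento richiesto non esiste!";

	showHeader($pageTitle, $pageDescription);
	showMenu();
	showContents($title, $errorsText, $text);
	showFooter($lastRev);
	
	disconnect($con);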
	
?>
